Baseband Hacking: A New Era of Smartphone Hacking

Security researcher Ralph-Philipp Weinmann says he has found a new way to compromise mobile devices: a fake base station combined with vulnerabilities in the baseband chip firmware sold by Qualcomm and Infineon Technologies. Weinmann will demonstrate the attack on both iPhone and Android devices this week at the Black Hat conference in Washington.

Earlier mobile hacks targeted the phone's operating system or other software, but this one goes after the baseband processor, the component that transmits radio signals to the cell towers and receives them back.

Baseband hack details

Reports from IDG News Service and others describe the new hack in detail. In short, it is a highly technical process that requires setting up a fake cell tower to communicate with the target device. Until recently this was out of reach because of the enormous cost, tens of thousands of dollars. But now, thanks to new open-source base-station software, anyone can set up a tower for about $2,000, which is roughly the price of the computer equipment involved. Mobile carriers are also making the necessary equipment more accessible by offering consumers femtocells (low-power miniature cellular base stations designed to serve a small area, such as one office or apartment) in an effort to extend coverage. Femtocells such as AT&T's 3G MicroCell are even cheaper; AT&T's unit costs as little as $150.

To carry out the attack, Weinmann sets up a fake transceiver and uses it to deliver malicious code to the target device over the radio link. The code exploits a vulnerability in the GSM/3GPP protocol stacks running on the phone's baseband processor. Weinmann says that organizations such as the GSM Association and the European Telecommunications Standards Institute (ETSI) never even considered the possibility of such attacks.

Should I be worried?

Apart from the cost of this kind of hacking, which is still fairly high, the code Weinmann wrote is one of a kind: it requires deep knowledge of the device's chipset, and only a small number of hackers have that, according to the IDG report.

In essence, Weinmann has opened a new direction in smartphone hacking, a field currently explored by only a small number of researchers. In August, for example, Chris Paget demonstrated a base-station spoofing attack at the DefCon hacker conference in Las Vegas, after receiving last-minute permission from the US Federal Communications Commission. Others will probably be able to build on Weinmann's work, but it will take some time.

In other words, this is still an emerging area for hackers.

It is too early to tell what variants of this new baseband hacking technique will appear, but for the moment security experts say the general public need not worry about attacks like this in the near future.

Sophos security consultant Graham Cluley said: "If someone wanted to spy on your mobile phone conversations, it would be easier to trick the user into installing an app that spies on them, or to gain physical access to the phone to install spyware code. I would be surprised if anyone went to the effort this researcher has gone to."

The Bootloader is not the BaseBand, and neither is the Firmware.

BOOTLOADER:
Versions: 3.9, 4.6

What is it?

The iPhone has at least two bootloaders. One is called the "ARM Core Bootloader" (ARM being the iPhone's processor architecture); it is concerned with the operating system. The one we are interested in is called the "BaseBand Bootloader". Additional information about bootloader features will be added later.

A bootloader is a loving mother who goes into the iPhone's room when it wakes up. She wakes him, lifts him out of the crib and gets him ready for school. Her main job is to make sure the iPhone wakes up before getting out of the crib; gets out of bed before taking a shower; showers before getting dressed; and gets dressed before going outside. Without a bootloader, the iPhone would be dozing at the bus stop in wet pajamas, waiting for the bus.

Bootloaders make sure that when the iPhone boots, it does everything it needs to do, in the right order.

Like people, the iPhone has one mother for life. If you bought an iPhone with bootloader version 3.9, you will always have 3.9, no matter how many upgrades you have done.

Of course, some people end up with a stepmother. Some iPhones have gone from their 4.6 mommy to a 3.9 mommy. We hope that if your iPhone did this, you know about it.

Why is it important?

The version of your bootloader determines which kind of unlock is possible for you. Because 3.9 is a liberal, open-minded mommy, she lets developers do whatever they want during boot. This makes the phone accessible.

Bootloader 4.6 is much stricter. Ms. 4.6 is sure her iPhone will grow up to be President, and she controls everything he does (or does not do). For example, 4.6 refuses to write a BaseBand that does not pass validation.

For a BaseBand (explained below) to pass validation, you need a secpack. Think of it as a secret password that parents and children agree on in case an uncle suddenly turns up wanting to collect the children from school. Without the secpack, the hacked BaseBand cannot be written to the phone; and without the BaseBand hack, the unlock method used by ZiPhone is impossible. To get around this, ZiPhone and Independence offer you a divorce from your impenetrable mother 4.6 and give you the easygoing mother 3.9 in her place.

If you still want to live with Mom 4.6 (because you also want him to become President), you will have to use the so-called soft-update method, which installs software updates in the OS but does not touch the BaseBand. This method is sometimes called a hybrid unlock.
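The validation gate described above, as an added example that is not code from Apple, ZiPhone or Independence: a small Python model of the two bootloader policies, in which a 4.6-style bootloader refuses to write any BaseBand image whose secpack does not verify, and a 3.9-style bootloader writes whatever it is handed. The real secpack is a vendor-signed header that the bootloader checks against a public key; here an HMAC over the image hash, keyed with a constructed vendor key, stands in for that signature. The image bytes, the version strings and the key are all constructed for the example.

```python
"""Model of a BaseBand bootloader's firmware-write gate.

Added example, not Apple's, ZiPhone's or Independence's code. The real
secpack is a vendor-signed header; an HMAC over the image hash stands in
for that asymmetric signature here. Everything below is constructed.
"""
import hashlib
import hmac

# Constructed vendor signing key. In a real secure-boot design the device
# holds only the public half of an asymmetric key pair; HMAC is a stand-in.
VENDOR_KEY = b"constructed-vendor-signing-key"

SECPACK_LEN = 32  # our stand-in secpack is an HMAC-SHA256 tag


def make_secpack(image: bytes, key: bytes = VENDOR_KEY) -> bytes:
    """Produce the 'secpack' that accompanies a vendor-built BaseBand image.

    The tag binds to SHA-256 of the whole image, so changing one byte of the
    image invalidates the secpack.
    """
    return hmac.new(key, hashlib.sha256(image).digest(), hashlib.sha256).digest()


class BasebandBootloader:
    """Stripped-down model of the 3.9 and 4.6 policies discussed in the text."""

    def __init__(self, version: str):
        if version not in ("3.9", "4.6"):
            raise ValueError("unknown bootloader version: %r" % version)
        self.version = version
        self.flash = None  # the image currently 'written' to the BaseBand

    def validate(self, image: bytes, secpack: bytes) -> bool:
        """4.6 verifies the secpack against the image; 3.9 accepts anything."""
        if self.version == "3.9":
            return True
        expected = make_secpack(image)
        # constant-time compare; a wrong-length secpack simply fails
        return hmac.compare_digest(expected, secpack)

    def write_baseband(self, image: bytes, secpack: bytes) -> bool:
        """Return True if the image was written, False if the gate refused it."""
        if not self.validate(image, secpack):
            return False
        self.flash = image
        return True


# Constructed sample images: a 'vendor' BaseBand and a one-byte-patched copy
OFFICIAL_BB = b"BB 04.04.05_G official\x00" + bytes(range(64))
OFFICIAL_SECPACK = make_secpack(OFFICIAL_BB)
HACKED_BB = OFFICIAL_BB.replace(b"official", b"patched ")


def demo() -> dict:
    """Try the official and the patched image against both bootloader policies.

    Keys are (bootloader version, scenario); values are True if written.
    """
    results = {}
    for ver in ("3.9", "4.6"):
        bl = BasebandBootloader(ver)
        results[(ver, "official")] = bl.write_baseband(OFFICIAL_BB, OFFICIAL_SECPACK)
        # reusing the genuine secpack with a modified image
        results[(ver, "hacked_reused_secpack")] = bl.write_baseband(HACKED_BB, OFFICIAL_SECPACK)
        # no secpack at all (all-zero tag)
        results[(ver, "hacked_no_secpack")] = bl.write_baseband(HACKED_BB, bytes(SECPACK_LEN))
    return results


if __name__ == "__main__":
    for (ver, scenario), written in demo().items():
        print("bootloader %s, %-22s -> %s" % (ver, scenario, "written" if written else "refused"))
```

Running it shows the asymmetry the text describes: 3.9 writes the patched image without complaint, while 4.6 refuses it both with no secpack and with the official secpack copied from the genuine image, because the secpack is bound to the image's hash. That is why the unlock tools of the time replaced the bootloader rather than trying to forge a secpack.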

What do I have?

The iPhone unlock methods mainly target the "BaseBand Bootloader". There are two versions, 3.9 and 4.6. Initially, iPhones shipped with bootloader 3.9. If your firmware was version 1.1.1 or earlier, you have 3.9. If you bought an iPhone in 2008, you most likely have 4.6.
In any case, if you have used ZiPhone, you now have version 3.9.

BASEBAND:
Versions: 03.12.06_G, 03.14.08_G, 04.01.13_G, 04.02.13_G, 04.03.13_G, 04.04.05_G

What is it?

BaseBand (hereinafter BB) is the iPhone's school bag.

The BB manages the interaction between the phone part of the iPhone and the operating system. In most cell phones, the BB chip is separate from the phone's main memory and processor. We do not know whether this is the case for the iPhone. The BB is one of the things Ms. Bootloader checks when she wakes the iPhone.

Whenever the iPhone talks to cell towers, for voice or data, it goes through the BB. The BB is also responsible for the SIM card and for signal reception.

So why did Apple do this? Why did Apple put the phone functions in a secure, hard-to-reach, closed piece of hardware?

Obviously, so that they would be protected, hard to access and closed. More reasons? Because that is how cell phones work. Every modern cell phone has a BB. These functions are separated for the same reason computers separate audio and video cards: stability.

When the iPhone leaves for school, it has to take things with it: notebooks, a ruler, a calculator, a folder and so on. The BB holds all of that. As many of you know, you can take a school bag away from a student without killing him. Your BB may stop working, but the iPhone will still work, although in that case it looks more like an iPod Touch.

You might think that you are making a call when you dial a number on your iPhone. Wrong. You are creating a chain of instructions. By pressing "Call" you hand those instructions to the operating system, which passes them to the BB. The BB disables EDGE/GPRS, tells the cell tower that a call is starting, gives the tower the telephone number, waits for a response ("busy" or "free"), and as soon as the connection is established, turns on the phone's microphone and speaker. Because the BB knows how to do all of this, the iPhone only has to say "call this number" and wait for a response. It does not need to spend its comparatively powerful processor on such mundane work.

Why is it important?

For now, this matters because it is the difference between having and not having the "Locate Me" feature in Google Maps. In the future, other functions may rely on an updated BB. So far, "Locate Me" is the only "new" BB feature.

Remember, the BB handles all communication between the cell towers and the iPhone's OS. The phone may well be receiving location-related data from the towers all the time, which is why programs like Navizon work. But as of BB version 04.03.13_G, Apple added code that makes the process easier. Navizon probably pulls the tower information out of the BB and looks up the coordinates itself. From 04.03.13_G onward, Apple's software only needs to ask "Where am I?"; the BB does all the work and sends the coordinates back.

What do I have?

FIRMWARE:
Versions: 1.0.0, 1.0.1, 1.0.2, 1.1.1, 1.1.2, 1.1.3, 1.1.4

What is it?

Firmware (hereinafter FW) is our student, the iPhone. That is all he is: his soul. It is his operating system.

Let us revisit what we have already read. When you turn on the iPhone, Mommy/Bootloader starts waking the student/Firmware and getting him ready for school. She makes sure that all the morning routines/services have been completed. She packs the school bag/BaseBand, hands it to the student/Firmware and sends him off to school.

FW is very flexible. Today it includes the iPhone kernel, SpringBoard (the home screen), all the applications, WiFi, Internet functions and so on. Through FW, Apple can and does change a great many things.

Why is it important?

Wobbly icons and web apps, SMS to multiple recipients, "Locate Me" in Google Maps and the SDK (already!). Knowing your FW version matters if you want to keep up with jailbreak and unlock news. With each new version, in-demand features and apps appeared that pushed people to update, or to agonize over losing compatibility with third-party applications or unlocked SIM cards after the update.

What do I have?

Your version is shown in iTunes whenever you connect your iPhone to your computer; look in the Summary tab.

Below you will read how to obtain a 100% original copy of your first purchase receipt!

Recently I have received many messages asking for help with various issues related to unlocking the Apple iCloud Activation Lock.
I will answer you all at once here, on the pages of my blog.
Many people ask where they can get the original receipt from the first purchase, and what it is.
The answer: it is the ordinary cash receipt you receive if you bought your device in person in a store. For example, when you buy an Apple iPhone in an Apple Store you will certainly be given such a receipt, and it will look something like this:

About the iOS iCloud Activation Lock, one more time!
A lot of time has passed since Apple launched the iOS Activation Lock security feature, and it has proven quite reliable. The information on Apple's website about the use of iCloud Lock has also changed several times, and the conditions under which Apple officially removes the iOS iCloud Activation Lock have changed radically.
All of these factors, together with letters asking how it is now actually possible to disable the iOS iCloud Activation Lock on iOS devices, prompted me to write this article. Below you will find a detailed description of how you can disable the iCloud Activation Lock on your iOS device yourself, completely officially. After this procedure, your iPhone, iPod or iPad will work fully, with no caveats in use. This is especially true for devices with a modem module, such as the iPhone and the iPad with 3G.
